Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for preventing a reset attack on a microprocessor operable in open mode and secure mode, the method comprising: receiving an external reset signal on a reset port of the microprocessor; determining the microprocessor is operating in secure mode, wherein secure mode allows authenticated code to access confidential information stored in a first storage area of the microprocessor; in response to determining the microprocessor is operating in secure mode, diverting, by a hardware reset diversion circuit, the external reset signal from triggering a hardware reset, to a non-maskable interrupt to trigger an execution of a secured system clean-up routine that erases any of the confidential information stored in a second storage area accessible in open mode; and after the secured system clean-up routine is completed or after a watchdog timer has expired, triggering the hardware reset which transitions the microprocessor from secure mode to open mode.
2. The method of claim 1 , further comprising: when the microprocessor is operating in secure mode, storing, by the authenticated code, the confidential information in the second storage area accessible in open mode.
3. The method of claim 1 , further comprising: determining the processor is operating in open mode; and in response to determining the microprocessor is operating in open mode, not diverting the external reset signal; and allowing the external reset signal to trigger the hardware reset.
4. The method of claim 1 , wherein the second storage area accessible in open mode is accessible by a user through an emulation port in open mode.
5. The method of claim 1 , wherein the erasing of any of the confidential information stored in the second storage area accessible in open mode comprises wiping registers used in secure mode to hold data from access reads to the first storage area.
6. The method of claim 1 , wherein the confidential information comprises a secret key used by the authenticated code in secure mode.
7. The method of claim 1 , wherein the secure clean-up routine executes a watchdog reset to reset the microprocessor at the completion of the secure clean-up routine.
8. The method of claim 1 , wherein the non-maskable interrupt triggers the execution of the secured system clean-up routine by: triggering a look up of an event address stored in event vector table, wherein the event address is a memory address of a location of the secured system clean-up routine; and updating the program counter with the event address to be used by a logic unit to execute the secured system clean-up routine.
9. The method of claim 1 , further comprising: performing authentication of digitally signed code using one or more public keys of authorized users stored in read only memory of the microprocessor; and if the digitally signed code is successfully authenticated by one of the public keys, transitioning the microprocessor into secure mode.
10. The method of claim 9 , further comprising: if the digitally signed code is successfully authenticated by one of the public keys, enabling the hardware reset diversion circuit, which, when enabled, diverts the external reset signal to execute the secured system clean-up routine, and when not enabled, does not divert the external reset signal and allows the external reset signal to trigger the hardware reset.
11. The method of claim 1 , wherein: determining the microprocessor is operating in secure mode comprises determining whether the hardware reset diversion circuit is enabled; and the hardware reset diversion circuit, when enabled, diverts the external reset signal to execute the secured system clean-up routine, and when not enabled, does not divert the external reset signal and allows the external reset signal to trigger the hardware reset.
12. The method of claim 1 , wherein the secured system clean up routine comprises an instruction which triggers the execution of the hardware reset.
13. A microprocessor operable to prevent a reset attack on the microprocessor, said microprocessor operable in open mode and secure mode, comprising: a logic unit; a first storage area accessible by authenticated code in secure mode and stores confidential information; a second storage area accessible in open mode; a hardware reset diversion circuit configured to: receive an external reset signal on a reset port of the microprocessor; determine the microprocessor is operating in secure mode; and in response to determining the microprocessor is operating in secure mode, divert the external reset signal from triggering a hardware reset, to a non-maskable interrupt to trigger an execution of a secured system clean-up routine by the logic unit that erases any of the confidential information stored in a second storage area accessible in open mode; and a hardware reset module configured to, after the secured system clean-up routine is completed or after a watchdog timer has expired, execute the hardware reset which transitions the microprocessor from secure mode to open mode.
14. The microprocessor of claim 13 , wherein the authenticated code, when the microprocessor is operating in secure mode, stores the confidential information in the second storage area accessible in open mode.
15. The microprocessor of claim 13 , wherein the second storage area accessible in open mode is accessible by a user through an emulation port in open mode.
16. The microprocessor of claim 13 , wherein the erasing of any of the confidential information stored in the second storage area accessible in open mode comprises wiping registers used in secure mode to hold data from access reads to the first storage area.
17. The microprocessor of claim 13 , wherein the confidential information comprises a secret key used by the authenticated code in secure mode.
18. The microprocessor of claim 13 , wherein the secure clean-up routine executes a watchdog reset to reset the microprocessor at the completion of the secure clean-up routine.
19. The microprocessor of claim 13 , wherein the non-maskable interrupt triggers the execution of the secured system clean-up routine by: triggering a look up of an event address stored in event vector table, wherein the event address is a memory address of a location of the secured system clean-up routine; and updating the program counter with the event address to be used by the logic unit to execute the secured system clean-up routine.
20. The microprocessor of claim 13 , further comprising a secure access module configured to: perform authentication of digitally signed code using one or more public keys of authorized users stored in read only memory of the microprocessor; and if the digitally signed code is successfully authenticated by one of the public keys, transition the microprocessor into secure mode.
21. The microprocessor of claim 13 , wherein: determining the microprocessor is operating in secure mode comprises determining whether the hardware reset diversion circuit is enabled; and the hardware reset diversion circuit, when enabled, diverts the external reset signal to execute the secured system clean-up routine, and when not enabled, does not divert the external reset signal and allows the external reset signal to trigger the hardware reset.
22. A microprocessor operable to prevent a reset attack on the microprocessor, said microprocessor operable in open mode and secure mode, comprising: means for receiving an external reset signal on a reset port of the microprocessor; means for determining the microprocessor is operating in secure mode, wherein secure mode allows authenticated code to access confidential information stored in a first storage area of the microprocessor; hardware reset diversion means for, in response to determining the microprocessor is operating in secure mode, diverting the external reset signal from triggering a hardware reset, to a non-maskable interrupt to trigger an execution of a secured system clean-up routine that erases any of the confidential information stored in a second storage area accessible in open mode; and means for, after the secured system clean-up routine is completed or after a watchdog timer has expired, triggering the hardware reset which transitions the microprocessor from secure mode to open mode.
23. The microprocessor of claim 22 , wherein the hardware reset diversion means comprises: logic circuit means for detecting if a reset request signal is asserted; logic circuit means for detecting if a reset diversion signal is asserted; and logic circuit means for asserting an output signal to trigger the non-maskable interrupt in response to the reset request signal and the reset diversion signal being asserted.
Unknown
March 1, 2016
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.